Sunflowers Childcare C.I.C. GDPR Privacy Policy

Sunflowers Childcare C.I.C. collects and processes personal data relating to the children who are registered with and attend our setting, their parents and the people with whom we wok in order to successfully carry out our functions. This personal information, which may be recorded manually, electronically or by other means, must be handled and dealt with correctly and we are committed to being transparent about how it is collected and used.


We will ensure that we treat personal information lawfully and correctly, to this end we endorse and adhere to the principles of the General Data Protection Regulation (GDPR) and this policy applies to the collecting and processing of all personal data and also covers our response to any data breach and other rights under the GDPR.


WHO WE ARE

Sunflowers C.I.C is classified as a data controller under the General Data Protection Regulations.


OUR CONTACT DETAILS

Sunflowers Childcare

Community Interest Company


Registered office:

The Cabin

Stone Street Road

Boxford

Suffolk

CO10 5NP


Tel: 01787 211363

Email: info@sunflowers-childcare.co.uk


RESPONSIBILITY FOR DATA PROTECTION

Sunflowers C.I.C is a not-for profit organisation. The people on site responsible for gathering and processing the personal data and data protection are the Administrators.


TYPES OF INFORMATION COLLECTED AND PROCESSED

Sunflowers C.I.C. collects and processes a range of information about its children and parents/carers including;


Personal information - i.e. name, date of birth, address and telephone & email contact details

Characteristics - i.e. ethnicity, language, nationality, country of birth

Attendance information - sessions attended, number of days absent and reasons for absence

Special educational needs and behavioural information

Relevant medical and dietary information - asthma or allergies, accident forms

Family links and emergency contact information

Funding eligibility information - i.e. parent consent forms, additional funding eligibility

EYFS development data - i.e. learning journeys, development tracking


WHY WE COLLECT AND USE THIS INFORMATION

We use the data we collect to:


Support a child's learning and development

Monitor and report on a child's progress

Provide appropriate care

Promote health, safety and welfare - i.e. assessment by Healthcare Professionals

Safeguard and promote the welfare of children

Perform and fulfil our contractual and legal obligations

Comply with the law regarding data sharing

Protect and promote our interests and objectives - i.e. fundraising

Assess the quality of our services


THE LAWFUL BASIS ON WHICH WE USE THIS INFORMATION

We collect and use a child's information under section 537A of the Education Act 1996, and section 83 of the Children Act 1989. We also comply with Article 6(1) and Article 9(2)(b) of the General Data Protection Regulation (GDPR).


COLLECTING PUPIL & PARENT/CARER INFORMATION

Whilst the majority of the child's information you provide to us is mandatory, some of it is provided to us on a voluntary basis. In order to comply with the General Data Protection Regulations we will inform you whether you are required to provide certain child's information to us or if you have a choice in this. We may acquire Personal Date in a number of ways including, but not limited to the following:


Parents and children may provide us with Personal Data about themselves and/or their family in correspondence, forms, documents, during discussions with staff and through our website.

We may acquire Personal Data from other parents, or from people outside the community who know parents or from the children themselves.

We may acquire Personal Data from third parties such as schools and other pre-schools/nurseries, public authorities and public sources.


STORING PUPIL & PARENT/CARER DATA

In most cases we hold a child's data for a minimum of 3 years. We are required to retain funding forms for 6 years and in some cases, for example where there are safeguarding issues, the statutory guidance may extend this period until the child reaches the age of 24 years.


WHO WE SHARE PUPIL & PARENT/CARER INFORMATION WITH

We routinely share child and parent/carer information with:


Schools, nurseries or pre-schools that the child attends after leaving us

Our local authority and where necessary other local authorities

The Department of Education (DfE)

NHS and other Medical/Healthcare Professionals, as appropriate

Education Welfare Officers and Lead Attendance Officers from the local authority


We sometimes (as appropriate or necessary) share child and/or parent/carer information with:


Providers of educational support services - e.g., Educational Psychologists, Speech & Language Therapists


WHY WE SHARE INFORMATION

We do not share information about our children or parent/carers with anyone without prior consent unless the law and our policies allow us to do so.


We are legally required to share a child's data with the  Department for Education (DfE) and our local authority. We are required to share information about our children with our local authority (LA) and the Department for Education (DfE) under section 3 of The Education (Information About Individual Pupils) (England) Regulations 2013.


HOW DO WE KEEP YOUR PERSONAL DATA SAFE

We work to protect the security of your information and have procedures and security measurers and software in place for protecting information that we hold.


LIMITATION OF LIABILITY

Sunflowers Childcare C.I.C. assumes no responsibility or liability with regard to any theft, loss, alteration or misuse of personal data or other information lawfully provided by Sunflowers Childcare C.I.C. to third parties, or with regards to the failure of any third party to abide by this privacy policy.


REQUESTING ACCESS TO YOUR PERSONAL DATA

Under data protection legislation, parents and children have the right to request access to the information that we hold about them. To make a request for your personal information or to be given access to the information we hold on yourself or your child, please contact the setting manager in writing or by email.


You also have the right to:

Object to processing of personal data that is likely to cause, or is causing damage or distress

Prevent processing for the purpose of direct marketing

Object to decisions being taken by automated means

In certain circumstances, have inaccurate personal data rectified, blocked, erased or destroyed; and claim compensation for damages caused by a breach of the Data Protection Regulations.


CONTACTING US

If you have a concern about the way we are collecting or using your personal data, we request that you raise your concern with us in the first instance.